PT-2020-19904 · Prototype · Prototype
Published 2020-01-27 · Updated 2021-07-21 · CVE-2020-7993
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Prototype version 1.6.0.1
Description
A remote authenticated user can create a ticket on behalf of another user account by modifying the email ID field in the ticket-creation request. The application does not check that the submitted email ID belongs to the authenticated account (missing authorization), so any logged-in user can file tickets that appear to come from someone else.
Recommendations
No patch is listed for Prototype version 1.6.0.1. Until one is available, consider restricting access to the ticket-creation functionality. As a temporary workaround, do not use the submitted email ID field to decide who a ticket belongs to: take the owner from the authenticated session on the server side, and reject (or ignore) any submitted email ID that does not match the authenticated user's account. Client-side validation alone does not help, because the field is modified in the request itself.
Exploit
Fix
Weakness Enumeration
Missing Authorization
Related Identifiers
CVE-2020-7993
Affected Products
Prototype
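The forgery described above, and the server-side check the recommendation asks for, as an added example. This is a self-contained, hypothetical model of a ticket-creation handler and is not Prototype's own code; the session table, the `email`/`subject` form fields and the function names are assumptions. The vulnerable handler takes the ticket owner from the client-controlled field; the fixed handler binds the owner to the authenticated session and rejects a mismatching submitted value.

```python
"""Missing-authorization ticket forgery (as in CVE-2020-7993) and its fix.

Added example, not code from Prototype. All names and data are assumptions.
"""
from dataclasses import dataclass, field

# Constructed sample data: two authenticated sessions, keyed by session id.
USERS = {
    "sess-alice": {"id": 1, "email": "alice@example.com"},
    "sess-bob": {"id": 2, "email": "bob@example.com"},
}


class AuthorizationError(Exception):
    """Raised when a request is unauthenticated or acts for another account."""


@dataclass
class Ticket:
    owner_email: str
    subject: str


@dataclass
class TicketStore:
    tickets: list = field(default_factory=list)

    def add(self, ticket: Ticket) -> Ticket:
        self.tickets.append(ticket)
        return ticket


def current_user(session_id: str) -> dict:
    """Resolve the authenticated account from the session (hypothetical lookup)."""
    try:
        return USERS[session_id]
    except KeyError:
        raise AuthorizationError("not authenticated") from None


def create_ticket_vulnerable(store: TicketStore, session_id: str, form: dict) -> Ticket:
    """Vulnerable: authentication is checked, ownership is not."""
    current_user(session_id)
    # The ticket owner comes straight from the client-controlled form field,
    # so any logged-in user can file a ticket as any other account.
    return store.add(Ticket(owner_email=form["email"], subject=form["subject"]))


def create_ticket_fixed(store: TicketStore, session_id: str, form: dict) -> Ticket:
    """Fixed: the owner is derived from the session, never from the request."""
    user = current_user(session_id)
    submitted = form.get("email")
    # If the form still carries an email field, it must match the account that
    # is actually logged in (normalised for case and whitespace); otherwise reject.
    if submitted is not None and submitted.strip().lower() != user["email"].lower():
        raise AuthorizationError("email field does not match the authenticated account")
    return store.add(Ticket(owner_email=user["email"], subject=form["subject"]))


def demo() -> tuple:
    """Alice submits a ticket with Bob's email in the form field.

    Returns (owner recorded by the vulnerable handler,
             whether the fixed handler rejected the forged request,
             owner recorded by the fixed handler for an honest request).
    """
    forged = {"email": "bob@example.com", "subject": "reset my password"}
    vuln_store = TicketStore()
    forged_ticket = create_ticket_vulnerable(vuln_store, "sess-alice", forged)

    fixed_store = TicketStore()
    try:
        create_ticket_fixed(fixed_store, "sess-alice", forged)
        rejected = False
    except AuthorizationError:
        rejected = True
    honest = create_ticket_fixed(fixed_store, "sess-alice", {"subject": "printer jammed"})
    return forged_ticket.owner_email, rejected, honest.owner_email


if __name__ == "__main__":
    print(demo())
```

The fixed handler never copies the submitted email into the ticket, even when it matches; the session is the only source of identity. Rejecting a mismatch rather than silently overwriting it also gives the operator a log signal that someone tried the forgery.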